Harald Welte <laforge@xxxxxxxxxxxx> wrote:
>
> From a functionality point of view: yes.
>
> From a performance point of view, there are applications for really dumb
> static NAT where you don't want to pull all the dependencies from
> ip_conntrack over ip_tables.
Well the problem is nobody is stepping forward to fix it. It was removed
not because it was redundant, but because it was broken.
Until someone actually fixes it, it can't go back in.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt